When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Certificate?

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Sound the Alarm: Detection and Response

本课程是 Google Cybersecurity 专业证书的一部分

位教师：Google Career Certificates

324,874 人已注册

包含在中

了解更多

4个模块

深入了解一个主题并学习基础知识。

3,373 条评论

初级等级

无需具备相关经验

灵活的计划

2 周在 10 小时一周

自行安排学习进度

98%

大多数学生喜欢此课程

4个模块

深入了解一个主题并学习基础知识。

3,373 条评论

初级等级

无需具备相关经验

灵活的计划

2 周在 10 小时一周

自行安排学习进度

98%

大多数学生喜欢此课程

您将学到什么

Identify the steps to contain, eradicate, and recover from an incident
Analyze packets to interpret network communications
Understand basic syntax, components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools
Perform queries in Security Information and Event Management (SIEM) tools to investigate an event

您将获得的技能

您将学习的工具

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

25 项作业

授课语言：英语（English）

积累 Computer Security and Networks 领域的专业知识

本课程是 Google Cybersecurity 专业证书专项课程的一部分

在注册此课程时，您还会同时注册此专业证书。

向行业专家学习新概念
获得对主题或工具的基础理解
通过实践项目培养工作相关技能
通过 Google 获得可共享的职业证书

该课程共有4个模块

This is the sixth course in the Google Cybersecurity Certificate. Learners will focus on incident detection and response. They will learn what defines a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. Learners will analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, learners will explore the incident investigation and response processes and procedures. Additionally, they will develop a conceptual overview of log data and their role in intrusion detection systems (IDS) and Security Information Event Management (SIEM) tools. Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.

By the end of this course, you will: - Explain the lifecycle of an incident. - Describe the tools used in documentation, detection, and management of incidents. - Analyze packets to interpret network communications. - Perform artifact investigations to analyze and verify security incidents. - Identify the steps to contain, eradicate, and recover from an incident. - Determine how to read and analyze logs during incident investigation. - Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools. - Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.

单元详情

This module provides an overview of detection and incident response. Learners will explore how security professionals verify and respond to malicious threats. Learners will also become familiar with the steps involved in incident response. This overview will be the foundation for the next module.

涵盖的内容

12个视频7篇阅读材料6个作业1个插件

12个视频总计30分钟

Introduction to Course 6 2分钟
Dave: Grow your cybersecurity career with mentors3分钟
Welcome to module 1 2分钟
Introduction to the incident response lifecycle 4分钟
Incident response teams 3分钟
Fatima: The importance of communication during incident response3分钟
Incident response plans2分钟
Incident response tools 2分钟
The value of documentation 3分钟
Intrusion detection systems 2分钟
Alert and event management with SIEM and SOAR tools4分钟
Wrap-up 1分钟

7篇阅读材料总计44分钟

Course 6 overview4分钟
Helpful resources and tips4分钟
Portfolio Activity Exemplar: Document an incident with an incident handler's journal4分钟
Roles in response 8分钟
Overview of detection tools 8分钟
Overview of SIEM technology 12分钟
Glossary terms from module 14分钟

6个作业总计114分钟

Test your knowledge: The incident response lifecycle8分钟
Test your knowledge: Incident response operations8分钟
Test your knowledge: Detection and documentation tools 8分钟
Test your knowledge: Management tools20分钟
Portfolio Activity: Document an incident with an incident handler's journal20分钟
Module 1 challenge50分钟

1个插件总计10分钟

Explore: Apply the NIST lifecycle to a vishing scenario10分钟

In this module, learners will be provided with an overview of network analysis tools more commonly referred to as “packet sniffers”. In particular, learners will sniff the network and analyze packets for malicious threats. Learners will also craft common filtering commands in both tcpdump and Wireshark to analyze the contents of packet capture.

涵盖的内容

9个视频10篇阅读材料5个作业4个应用程序项目

9个视频总计23分钟

Welcome to module 21分钟
Casey: Apply soft skills in cybersecurity2分钟
The importance of network traffic flows3分钟
Data exfiltration attacks4分钟
Packets and packet captures3分钟
Interpret network communications with packets2分钟
Reexamine the fields of a packet header4分钟
Packet captures with tcpdump4分钟
Wrap-up1分钟

10篇阅读材料总计64分钟

Maintain awareness with network monitoring 8分钟
Learn more about packet captures 8分钟
Investigate packet details8分钟
Resources for completing labs4分钟
Lab tips and troubleshooting steps4分钟
Exemplar: Analyze your first packet8分钟
Overview of tcpdump 8分钟
Exemplar: Capture your first packet8分钟
Activity Exemplar: Research network protocol analyzers4分钟
Glossary terms from module 24分钟

5个作业总计104分钟

Test your knowledge: Understand network traffic8分钟
Test your knowledge: Capture and view network traffic8分钟
Test your knowledge: Packet inspection8分钟
Activity: Research network protocol analyzers30分钟
Module 2 challenge50分钟

4个应用程序项目总计80分钟

Activity: Analyze your first packet30分钟
Optional Exemplar: Analyze your first packet10分钟
Activity: Capture your first packet30分钟
Optional Exemplar: Capture your first packet10分钟

In this module, Learners will explore the various processes and procedures in the stages of incident detection, investigation, analysis, and response as framed by NIST. They will utilize VirusTotal as an investigative tool to analyze the details of suspicious file hashes. Learners will recognize the importance of documentation and evidence collection during the detection and response stages. Finally, learners will approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.

涵盖的内容

11个视频11篇阅读材料7个作业2个插件

11个视频总计27分钟

Welcome to module 3 1分钟
The detection and analysis phase of the lifecycle 2分钟
MK: Changes in the cybersecurity industry3分钟
The benefits of documentation 2分钟
Document evidence with chain of custody forms 4分钟
The value of cybersecurity playbooks 3分钟
The role of triage in incident response 3分钟
Robin: Foster cross-team collaboration3分钟
The containment, eradication, and recovery phase of the lifecycle2分钟
The post-incident activity phase of the lifecycle 2分钟
Wrap-up 1分钟

11篇阅读材料总计78分钟

Cybersecurity incident detection methods8分钟
Ongoing Monitoring of CI/CD10分钟
Indicators of compromise8分钟
Analyze indicators of compromise with investigative tools8分钟
Activity Exemplar: Investigate a suspicious file hash4分钟
Best practices for effective documentation 8分钟
Activity Exemplar: Use a playbook to respond to a phishing incident4分钟
The triage process 8分钟
Business continuity considerations8分钟
Post-incident review 8分钟
Glossary terms from module 34分钟

7个作业总计144分钟

Activity: Investigate a suspicious file hash20分钟
Test your knowledge: Incident detection and verification8分钟
Activity: Use a playbook to respond to a phishing incident30分钟
Test your knowledge: Response and recovery8分钟
Activity: Review a final report20分钟
Test your knowledge: Post-incident actions 8分钟
Module 3 challenge50分钟

2个插件总计20分钟

Identify: Indicators of compromise10分钟
Identify: Explore an incident event timeline10分钟

In this module, learners will be provided with a conceptual overview of logs and their role in intrusion detection systems (IDSs) and Security Information and Event Management tools (SIEMs). The module will discuss the general concept of an IDS and how it works to detect attacks before highlighting specific IDS and SIEM products, such as Suricata, Splunk, Google SecOps (Chronicle), and Wazuh, respectively. Learners will then develop an understanding of how to access and navigate within Suricata and how basic rules are set up to provide alerts, events, and logs for malicious network traffic. This module will conclude with an introduction to Splunk, Google SecOps (Chronicle), and Wazuh, and will showcase some of their features, including common commands for search queries.

涵盖的内容

14个视频13篇阅读材料7个作业2个应用程序项目1个插件

14个视频总计41分钟

Welcome to module 4 1分钟
The importance of logs 4分钟
Rebecca: Learn new tools and technologies2分钟
Variations of logs 4分钟
Security monitoring with detection tools 4分钟
Grace: Security mindset in detection and response3分钟
Components of a detection signature 4分钟
Examine signatures with Suricata4分钟
Examine Suricata logs2分钟
Reexamine SIEM tools2分钟
Query for events with Splunk4分钟
Query for events with Google SecOps4分钟
Wrap-up 1分钟
Course wrap-up 2分钟

13篇阅读材料总计82分钟

Best practices for log collection and management8分钟
Overview of log file formats8分钟
Detection tools and techniques8分钟
Overview of Suricata8分钟
Exemplar: Explore signatures with Suricata8分钟
Log sources and log ingestion8分钟
Search methods with SIEM tools8分钟
Follow-along guide for Wazuh setup10分钟
Glossary: Network traffic and logs using IDs and SIEM Tools4分钟
Portfolio Activity Exemplar: Finalize your incident handler's journal4分钟
Reflect and connect with peers2分钟
Course 6 glossary2分钟
Get started on the next course 4分钟

7个作业总计164分钟

Test your knowledge: Overview of logs8分钟
Test your knowledge: Log components and formats8分钟
Test your knowledge: Overview of intrusion detection systems (IDS) 8分钟
Activity: Perform a query with Wazuh30分钟
Test your knowledge: Overview of SIEM tools30分钟
Module 4 challenge50分钟
Portfolio Activity: Finalize your incident handler's journal30分钟

2个应用程序项目总计40分钟

Activity: Explore signatures and logs with Suricata30分钟
Optional Exemplar: Explore signatures and logs with Suricata10分钟

1个插件总计10分钟

Identify: Match log files to their file format10分钟

获得职业证书

将此证书添加到您的 LinkedIn 个人资料、简历或履历中。在社交媒体和绩效考核中分享。

位教师

授课教师评分

(751个评价)

Google Career Certificates

Google

386 门课程16,646,662 名学生

提供方

Google

学生评论

5 stars
84.19%
4 stars
11.48%
3 stars
2.84%
2 stars
0.71%
1 star
0.76%

显示 3/3373 个

已于 Jul 11, 2024审阅

I loved this coursed and learned so much. The only thing I would have liked to see is if the all of the SIEM tools were integrated into a lab like many of the other labs are directly in the courses.

已于 May 8, 2025审阅

The professor’s teaching is excellent, making complex topics easy to understand. The study material provided is also awesome and very helpful for learning. Highly recommended!

已于 Oct 16, 2023审阅

Learnt a lot about SIEM tools and much more that are all ready to be applied in the job. Thanks a lot to Google and Coursera for such a wonderful session.

查看更多评论